Apple QuickTime Plug-In Arbitrary Script Execution Weakness

Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl).

An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Although this weakness doesn't pose any direct security threat by itself, an attacker may use it to aid in further attacks.

QuickTime 7.1.3 is vulnerable; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus